Skip to content
rw3iss Auth

LaravelSessionStore

class rw3iss\AuthServer\Laravel\Bridge\LaravelSessionStore src/Bridge/LaravelSessionStore.php ↗

SessionStore backed by Laravel’s session — the piece that makes the SSO bridge work across the browser redirect round-trip.

The vanilla package’s InMemorySessionStore lives and dies with a single request, so PKCE verifiers written during startSso() would be gone by the time the provider redirects back. Binding this store (done automatically by VenAuthServiceProvider when the bridge is enabled) persists:

  • the auth-server token pair (vauth.access / vauth.refresh) — kept so the app can make authenticatedRequest() calls on behalf of the federated user after the Laravel session is established;
  • per-state SSO payloads (vauth.sso.{state}) with an expiry stamp, consumed atomically on callback.

Laravel’s session driver (cookie, redis, database) is the storage + integrity layer; nothing here writes its own cookies.

Methods

readSsoState()

function readSsoState(string $state): ?array

Returns

  • array<string,mixed>|null

writeSsoState()

function writeSsoState(string $state, array $payload, int $ttlSeconds = 600): void

Parameters

  • $payloadarray<string,mixed>